The present invention relates to the field of the protection of software products against piracy. It has as its object a process of controlling the execution of a software product.
A software product is understood to mean any program and/or data intended to be processed or executed by a central processing unit, particularly the microcomputer of a personal computer (PC). Software products can be recorded on any medium such as a diskette, hard disk, CD-ROM compact optical disk, or stored on any medium such as a ROM or EPROM type memory.
Computer programs or software products, particularly for a PC, are more and more copied and used without authorization. This is accentuated by the possibility of disseminating the copy on a large scale over networks of servers or to copy it by a mass production of CD-ROMs on which the software is recorded. Simple illegal copies which can be produced on a hard disk or on microcomputer diskettes within the same company are also known.
Among the solutions for preventing illegal use of software products, a system is known for controlling the distribution of computer programs. The program is recorded on its medium in a coded form, and it is then decoded before loading on the computer by the authorized user. For this purpose, the authorized user has means permitting decoding. This process has the advantage of preventing the copying of the medium containing the program, but it has the disadvantage of not preventing the copying of the program from the PC.
A process for controlling the execution of the program is likewise known. It consists of putting into effect a procedure which permits the verification of the presence of a secure device connected to the serial port of the PC, in particular, or to a printer port, this device proving by its presence that the user is authorized to use the program. The presence and authenticity of the device is verified during the execution of the program, continuing the execution of the program being dependent on the verification. This process has the disadvantage that it can be by-passed by skipping the instructions corresponding to this verification.
A process for controlling the use of a microcomputer by an authorized person, and thus indirectly of any program contained within it, is likewise known. It uses a chip card with a microcircuit, commonly known as a “smart card”. In this process, a PC is connected via a suitable interface to the smart card, contains a secret authorization code. The authorized user has to key in the access code, which is compared with that stored in the smart card. If the codes correspond, access to the computer or to data or to a computer program is authorized.
This process has the disadvantage of not being able to directly protect the medium before it is loaded into the computer. The medium can therefore be copied.
In the following description, there is understood by “smart card”, any accessory type of chip medium which is detachable and portable, and which comprises at least one security module containing a microprocessor and a memory space suitable for containing secret data such as a secret key, as well as secret programs. In particular, a module is concerned which can be inserted into an input/output port of a computer; preferably, it is a card of standardized form, a chip card, or a mini chip card.